Reviewing Hyperliquid Black Wednesday: Demand is the Starting Point, Correctness is the Endpoint

YBB Capital
2025-04-03 19:24:43
On March 26, Hyperliquid experienced the most severe attack to date, prompting widespread reflection in the decentralized perpetual contract market. The attacker exploited high leverage and the weak liquidity of Meme coins for precise arbitrage, forcing the platform's liquidity pool HLP to absorb massive losses. The incident revealed core flaws in the governance mechanisms, risk control, and structural design of Perp Dex, reflecting the structural contradictions between decentralized ideals and capital efficiency.

Author: YBB Capital Researcher Zeke

I. A Feast of Crows

On March 26, the highly anticipated Dex project Hyperliquid was attacked again. This marks the fourth major security incident since Hyperliquid's TGE last November, and it is the most severe crisis the project has faced since its inception. Looking back at the entire attack path, the method resembles that of the earlier whale who went long ETH with 50x leverage, but this time the attack was more precise and fierce, resembling a feast of crows targeting Dex.

JELLY, which is at the center of the storm alongside Hyperliquid, is a "washed-up" low liquidity meme token on Solana, with a market cap of only $10 million before the attack began. The lack of depth, combined with the platform launching 50x leverage at its peak, made JELLY the best "explosive" to breach Hyperliquid's treasury. At 9 PM that night, the attacker deposited $3.5 million USDC as margin and opened a short position worth $4.08 million in JELLY (opening price $0.0095), reaching the platform's leverage limit. Meanwhile, a whale address holding 126 million JELLY began to sell off in the spot market, causing the token price to plummet and resulting in floating profits for the short position.

The critical turning point occurred during the margin withdrawal: the attacker quickly withdrew $2.76 million USDC, leading to insufficient margin for the remaining short position, triggering Hyperliquid's automatic liquidation mechanism. The platform's insurance treasury HLP (composed of user-staked funds) was forced to take over the short position of 398 million JELLY. At this point, the attacker began to reverse operations, massively buying JELLY within an hour, causing the price to soar several times to $0.034, resulting in HLP suffering a floating loss of over $10.5 million. If the JELLY price continued to rise above $0.16, HLP would face a risk of total loss of $240 million.

As Hyperliquid fell into trouble, the crows smelled the scent of carrion. Centralized exchanges like Binance and OKX quickly intervened. Within an hour after the attack, both platforms rapidly announced the launch of JELLY perpetual contracts, seemingly using the liquidity depth and influence of centralized exchanges to further push up the token price, exacerbating HLP's loss gap. The market's doubts about these two platforms were rampant, but the more interesting events were yet to come.

The Hyperliquid validator committee voted to delist the JELLY perpetual contract 26 minutes before Binance officially launched the perpetual contract, and the final closing price was also the attacker's opening price (less than a third of the market price at that time), allowing HLP to profit $700,000. In a dilemma, Hyperliquid chose to take a step back, personally tearing down the "shroud" of decentralization.

II. On-Chain Binance?

As a leading protocol in the on-chain perpetual contract space, Hyperliquid accounts for 9% of the total contract trading volume on the blockchain, a level that is far ahead among Dex platforms. In contrast, other Dex platforms (such as Jupiter and dYdX) combined account for only about 5% of Binance's contract trading volume, which is why Hyperliquid is also known as "On-Chain Binance."

However, this Dex project, established after the collapse of FTX, seems far less fortunate than Binance, even facing a more twisted fate than SBF: it has suffered a major attack almost every month since TGE, leaving Hyperliquid always hanging by a thread. Let's review these security incidents:

1. December 2024: Potential Threat from North Korean Hackers (Failed Attack)

Incident Overview: Security researchers discovered multiple identified North Korean hacker addresses conducting trading tests on Hyperliquid, accumulating losses of over $700,000. These addresses repeatedly traded to probe system vulnerabilities, possibly preparing for subsequent attacks.

Risk: Closed source code, opaque multi-signature mechanism, lack of public scrutiny and review.

2. January 2025: ETH Whale High-Leverage Attack

Incident Overview: A user opened a long position in ETH worth $300 million using 50x leverage, reaching a floating profit of $8 million before suddenly withdrawing most of the margin, pushing the liquidation price higher. Ultimately, HLP was forced to take over the position, incurring a loss of about $4 million.

Risk: Margin mechanism issues, HLP mechanism issues.

3. March 12, 2025: Second Attack by ETH Whale

Incident Overview: The attacker again used high leverage to operate ETH contracts, leading to further losses for the HLP treasury.

Response Measures: Emergency network upgrade on March 15, adjusting margin transfer rules (setting margin ratio to 20%).

4. March 26, 2025: JELLY Incident

Incident Overview: As described above.

Risk: Centralization issues caused by a limited number of validators, exacerbated by HLP mechanism issues under Cex siege.

In last year's article, I summarized some shortcomings of UNI. It is unlikely that humanity can have a completely decentralized Dex project for several reasons:

  1. A successful Dex project must rely on a real team, and the important development direction of the project is often completely controlled by them, rather than the community (e.g., UNI's front-end fees and UniChain's launch were not voted on by the community).

  2. Governance voting cannot be completely decentralized; projects with financing can be influenced by lead investors, while successful projects without financing are more centralized in decision-making and benefits (e.g., Pump.fun). The crux is the Sybil problem: solving it is the key, but any solution contradicts the bottom line of decentralization.

  3. No one is willing to give up their voice and interests; among the well-known leaders in the blockchain world, even the most laid-back Vitalik cannot become the next Satoshi Nakamoto.

  4. Dex projects must undoubtedly develop towards capital efficiency; just looking at AMM, development means taking on the risks of complexity and increased centralization. We have already discussed the issue of complexity in the article about UNI. UniChain is on the path to a more centralized "American alliance" (Optimism Superchain), moving towards a more efficient but also more fragile system.

Now, looking back at the aforementioned security incidents and considering Hyperliquid, given the current blockchain focus on value circulation and the large amount of abandoned infrastructure, Perp Dex should be the most capable of accommodating idle block space. However, as Hyperliquid shows, fully on-chain Perp Dex still has many issues:

  1. For such projects, from the user's choice perspective, capital efficiency and project background > decentralization. (From the position of Cex, this is also an inevitable stage.)

  2. Perp Dex is not a black box; it is a casino where everyone wears X-ray glasses. When funds can be leveraged 50 times, how can algorithms and mechanisms defeat gamblers who can see through the cards?

  3. No financing is indeed a good narrative, and high performance is also a good narrative. But in practice, these are also characteristics of projects with more centralized decision-making. After the security incident, AMM must accept the consequences of gambling. Hyperliquid resembles a centralized exchange controlled by a few people, with the only advantage being that it is more transparent and does not require KYC.

  4. In the absence of a dynamic risk control mechanism, should high-risk assets and mainstream assets be treated strictly differently? Should the withdrawal of large amounts of unrealized profits trigger risk control?

  5. Will Hyperliquid ultimately become the "FTX 2.0" mentioned by the CEO of Bitget?
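
The margin-withdrawal pattern in the incidents above, the 20% margin ratio reported for the March 15 upgrade, and question 4 in this list can be made concrete with a small withdrawal gate. This is an added example, not Hyperliquid's code: the margin-ratio formula, the function names and the $0.0090 mark price are assumptions, while the position figures are the JELLY numbers quoted in section I.

```python
from dataclasses import dataclass

@dataclass
class ShortPosition:
    size: float    # tokens sold short
    entry: float   # average entry price, USD
    margin: float  # deposited collateral, USD

    def unrealized_pnl(self, mark: float) -> float:
        # A short gains when the mark price falls below the entry price.
        return self.size * (self.entry - mark)

def margin_ratio_after(pos, mark, withdraw, count_gains=False):
    """Collateral left after a withdrawal, divided by notional at `mark`.

    Assumed formula (the article does not give the platform's own).
    Unrealized losses always reduce collateral; unrealized gains count
    only under the permissive policy (count_gains=True).
    """
    pnl = pos.unrealized_pnl(mark)
    if not count_gains:
        pnl = min(pnl, 0.0)
    return (pos.margin + pnl - withdraw) / (pos.size * mark)

def max_withdrawable(pos, mark, min_ratio=0.20):
    """Largest withdrawal that keeps the conservative ratio >= min_ratio."""
    pnl = min(pos.unrealized_pnl(mark), 0.0)
    return max(0.0, pos.margin + pnl - min_ratio * pos.size * mark)

def allow_withdrawal(pos, mark, withdraw, min_ratio=0.20):
    return 0.0 <= withdraw <= max_withdrawable(pos, mark, min_ratio)

def backstop_loss(size, takeover_price, mark):
    """Mark-to-market loss of a pool that inherits a short at takeover_price."""
    return size * (mark - takeover_price)

# Article figures: $3.5M margin, $4.08M short opened at $0.0095, $2.76M withdrawn.
# Size is derived as notional / entry price, which is an assumption of this example.
JELLY = ShortPosition(size=4.08e6 / 0.0095, entry=0.0095, margin=3.5e6)
MARK = 0.0090  # constructed mark price at withdrawal time (not in the article)

if __name__ == "__main__":
    for policy in (True, False):
        r = margin_ratio_after(JELLY, MARK, 2.76e6, count_gains=policy)
        print(f"count_gains={policy}: ratio after withdrawal = {r:.3f}")
    print("gate allows $2.76M:", allow_withdrawal(JELLY, MARK, 2.76e6))
    print(f"max withdrawable: ${max_withdrawable(JELLY, MARK):,.0f}")
    print(f"pool loss at $0.034: ${backstop_loss(JELLY.size, 0.0095, 0.034):,.0f}")
```

With unrealized gains counted, the $2.76 million withdrawal still clears a 20% floor at the constructed mark price; with gains excluded it does not, which is the design choice question 4 raises. The pool loss at $0.034 lands near the floating loss of over $10.5 million quoted in section I.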

III. Internal Troubles of Hyperliquid

With the fifth question above in mind, let's delve deeper. From the perspective of liquidity, although Hyperliquid is a leader among Dex, its whale deposits may normally account for nearly 20% of the platform's TVL. This means that if a larger-scale similar incident occurs again, it could trigger a mass exodus of whales, and Hyperliquid would instantly fall into a vicious cycle of liquidity depletion. At that point, the only option would be to pull the plug again, so the thickness and composition of liquidity are crucial for Perp Dex. Although Hyperliquid can currently compete directly with second-tier Cex, it is evident that without dynamic leverage limits, its on-chain liquidity is still insufficient to support such fixed high leverage.

From an architectural perspective, Hyperliquid is a Dex with its own Layer 1. The structure of the entire chain is quite innovative but not complex; simply put, it is EVM + matching engine. According to the official technical documentation, it is HyperEVM + HyperCore, and Hyperliquid L1 is not a standalone chain but is protected by the same HyperBFT consensus as HyperCore. This allows EVM to interact directly with HyperCore, such as spot and perpetual contracts.

We may need to explain HyperCore in detail here:

As mentioned above, HyperCore is equivalent to the matching engine of a centralized exchange. It shares the same consensus layer (HyperBFT) with HyperEVM, so the two are not independent chains but different execution environments within the same blockchain network. The public chain Artela, originating from the Alibaba system, actually has a similar idea. HyperCore is positioned to focus on running the core business logic of the exchange (such as order book matching, derivatives clearing, asset custody), and its underlying technology is based on RustVM (a virtual machine optimized for high-frequency trading), adopting a permissioned design that only supports officially recognized functions (such as USDC assets and tokens generated through the HIP-1 protocol). It achieves synergy with HyperEVM through precompiled contracts. For example, a common operation is: a user initiates a perpetual contract closing operation through a contract on HyperEVM → the operation is written into HyperCore's order book via a precompiled contract → HyperCore executes the clearing and settlement.

This dual-chain design under the same consensus layer also carries potential risks: (1) inconsistent transaction states; (2) synchronization delays; (3) various interaction risks such as cross-chain clearing delays; (4) it is not permissionless. For a Layer 1, decentralization takes time to settle in, so we cannot demand it right away. However, its architecture seems to harbor many potential risks.

The HLP (HyperliquidPool) treasury is central to the Hyperliquid ecosystem. Its design logic is to aggregate community users' assets like USDC to build a decentralized market maker fund pool, which is somewhat similar to LP in AMM but more efficient. The treasury's underlying structure adopts an "on-chain order book + strategy pool" dual-track system:

  • Order Book Mode: HLP actively places orders to provide depth, supporting professional trading functions such as limit orders and stop-loss orders;

  • Strategy Pool Mechanism: Allows ordinary users to create customized liquidity strategies (such as dynamic spread adjustments) and automatically execute market-making strategies through smart contracts, maintaining a 0.3% spread every 3 seconds to ensure flexibility in liquidity supply and maximize returns.

After users deposit assets, they will receive HLP token certificates, with revenue sources including:

  • Trading fee sharing: The platform charges a trading fee of 0.02%-0.05%, which is distributed proportionally to liquidity providers;

  • Funding rate arbitrage: In perpetual contract trading, HLP serves as the funding rate settlement pool for both long and short positions, capturing spread profits;

  • Liquidation profits: When a user's position is forcibly liquidated, HLP absorbs the remaining margin as the final counterparty, creating additional revenue streams.

In short, the essence of HLP is to provide returns to users (similar to Cex's order matching combined with arbitrage strategies) and to provide liquidity for perpetual contract trading on Hyperliquid. When users go long, HLP sells contracts to meet user demand. When users go short, HLP buys contracts. As mentioned above, when a user's position is forcibly liquidated, HLP, as the final counterparty, will absorb the remaining margin, i.e., take over the position. At this point, if the attacker manipulates the token price upward, HLP must buy back the token at a high price to close the position. Based on the development trend of the JELLY incident, if the plug is not pulled, the treasury's explosion might have become a reality on March 27.

In plain terms, the whale attacker is gambling against a dealer with transparent cards and fixed behavioral logic, and the funds used by this dealer come from the community and all partners.

IV. The Road is Long and Difficult

Perp Dex has existed for a long time, even longer than AMM. Its rise originated from dYdX's hybrid mechanism and flourished with Hyperliquid's comprehensive simulation of Cex. Whether in terms of returns or capital efficiency, Hyperliquid has achieved the best on-chain performance. The problem is that, while it can still rely on centralized governance to maintain this position in the short term, how can it combat the inefficiencies and vulnerabilities brought by decentralization in the long term?

In the preceding sections, we are not merely criticizing Hyperliquid; we are also reflecting on decentralized systems, the fragmentation of liquidity, the malicious behavior enabled by on-chain transparency, the inefficiency and centralization of voting governance, and the vulnerabilities under fixed logic. The road ahead for order book Dex is still fraught with thorns. In this years-long war against Cex, Hyperliquid can at least be considered the most aggressive player. So, based on this, what should be the next step?

V. The Market is Always Right

If we only consider correctness, I might casually say that FHE + Layer x combined with chain abstraction is the ultimate answer for Perp Dex, but clearly, such statements are meaningless. Just like a few years ago with ZK + On-Chain Game, very correct but lacking demand, these things will inevitably fade away under the wheels of time.

The success of DeFi is not solely due to how decentralized it is, but rather through the prism of decentralization, it meets financial needs that CeFi cannot fulfill.

Hyperliquid is a successful paradigm of Perp Dex at this point in time. It can be viewed as a Dex built on a single-chain or a Cex with a transparent ledger. From my perspective, it resembles a mirrored version of BNB Chain, where BNB achieved success through the resource advantages of the universe's first Cex. Hyperliquid, on the other hand, gained the worship of natives and refugees by donning the "chain" robe. If it truly intends to achieve enlightenment, the journey to obtain the scriptures will indeed require enduring numerous hardships.

As a product that maximally simulates Cex through the chain, it inevitably carries the inefficiencies bestowed by the chain. By converging leverage and implementing various insurance mechanisms, it strives to avoid the embarrassment of pulling the plug, allowing it to navigate short-term challenges more smoothly.

However, if we extend this timeline a bit, a new product may not need to adhere to conventional thinking. Should the exploration of governance and various mechanisms also follow the mindset established when creating Hyperliquid, prioritizing demand and efficiency?

